With almost everyone owning and extensively using a computer these days, the potential user base that could be accessed at a touch of a button is nearly limitless. And while that has lead to the groundbreaking expansion of technology in every field imaginable, that also resulted in an unprecedented increase in the exploitation of unknowing users.
The problem we came across was that even though there are countless ways for us more experienced computer users to protect ourselves and our data on the internet, majority of the solutions and knowledge available is presented in a fashion that is incomprehensible to the average computer user. And the little that was comprehensible was presented in a medium tedious to use, with horrible UX.
What it does
Baseband is a threat-assessment application that prioritizes one key element: ease of use. Our goal was to create an application that provides key security-enhancing functionality, presented in an interface that's accessible to the average user.
Our threat assessment works by evaluating a user’s computer in several important areas, rating them in each of the sections below, providing them with tips and information in how to improve their rating, and finally giving them a final score, evaluating their overall system security.
Current Security Checks
- Do you have the latest Windows updates?
- Do you have an antivirus that’s both up to date with the latest security definitions and activated?
- Do you have an active firewall?
- Are you using only password-protected, encrypted wireless networks?
- Are your inactivity timers set to strict limits?
- Is your UAC set to a safe level?
How we built it
For the data-retrieval application, we chose C# due to the extensive libraries available to connect the application to Windows services, which later proved very useful in the implementation of the security checks. (We also chose it because Gordon has a thing for C#)
Finally, for the server-side, we chose Node.js due to its rapid-prototyping ability, ease of implementation on web servers, and our pre-existing experience using the language. We hosted this on AWS for dependable access
Challenges we ran into
We originally came into the hackathon planning to make Internet-Over-Voice app which created a proxy-based device-wide internet connection using a voice plan. However, we later realized that some of the demodulation wasn’t possible through voice on android, so we decided to scrap that idea.
This resulted in us being quite well into MHacks without a concrete idea, and this created a time barrier that was very restrictive for us throughout the event.
In creating the utility, one of the biggest challenges we faced was finding access to Windows services and internal OS data through APIs. We spent a significant amount of our time digging through documentation to find the information we needed.
Accomplishments that we're proud of
We’re proud of the clean user interface that’s easy to understand for the average computer user.
What we learned
We learned that we should verify the feasibility of our ideas before hackathons to prevent wasting time during the actual event. We also learned a lot about Windows security, and the various APIs and level of access developers have to the most sensitive Windows’ services.
What's next for Baseband
We originally brainstormed a list of about 15 security checks that Baseband should be capable of performing. Of that list, we eliminated a couple, such as checking for drive encryption, because of an inability to perform the checks. But were later left with several unimplemented ideas due to time restrictions:
- Vulnerable Services
- Backup status and safety
- Application security updates
- Safe file sharing permissions
- Old software use
Ultimately, we want to continue building new functionality into Baseband, but while keeping our vision in mind: to create the ultimate easy-to-use threat-assessment utility for everyone.